diff --git a/libs/s2s.py b/libs/s2s.py
index 1d57128..bc8576d 100644
--- a/libs/s2s.py
+++ b/libs/s2s.py
@@ -4,18 +4,29 @@ AS_NUMBERS = {
     #               4290xxxxxx
     'home':         4290000138,
     'htz-cloud':    4290000137,
+    'ionos':        4290000002,
     'ovh':          4290000001,
 }
 
+WG_AUTOGEN_NODES = [
+    # only ever append to this list. If a node vanishes, set its name to
+    # `None`. You may remove nodes from the end of this, though it's not
+    # recommended to do so.
+
+    None, # fkusei-locutus never used this
+    'home.router',
+    'htz-cloud.wireguard',
+    'icinga2',
+    'ovh.icinga2',
+    'ovh.wireguard',
+]
+
 def get_subnet_for_connection(repo, peer_a, peer_b):
-    # XXX this assumes there are never more than 128 nodes which match that expression
-    nodes = sorted({node.name for node in repo.nodes if node.has_bundle('wireguard')})
+    assert peer_a in WG_AUTOGEN_NODES
+    assert peer_b in WG_AUTOGEN_NODES
 
-    assert peer_a in nodes
-    assert peer_b in nodes
-
-    pos_peer_a = nodes.index(peer_a)
-    pos_peer_b = nodes.index(peer_b)
+    pos_peer_a = WG_AUTOGEN_NODES.index(peer_a)
+    pos_peer_b = WG_AUTOGEN_NODES.index(peer_b)
 
     vpn_subnet = list(IPv4Network('169.254.0.0/16').subnets(new_prefix=24))[pos_peer_a]
     return list(IPv4Network(vpn_subnet).subnets(new_prefix=31))[pos_peer_b]